Privacy Policy

This policy describes our privacy practices for the HUMA application and related services. It is provided for transparency and to support integrations such as Google Sign-In and optional Gmail connection. It is not legal advice. Have qualified counsel review this document, especially if you process data in the EU, UK, California, or regulated industries, before relying on it for compliance.

1. Who we are

HUMAIN ("we," "us," "our") provides the HUMA platform: AI-assisted recruiting workflows, interviews, communications, and related features. We are based in Singapore. For privacy requests, contact admin@humain-tech.com.

2. Scope and roles

This policy applies to:

Host and recruiter users who create accounts and workspaces (managing positions, candidates, billing, and settings).
Candidates and other participants invited to flows such as AI calls, video interviews, or assessments, who provide contact details, CVs, media, or other information.
Visitors to our websites and marketing properties where we describe the product or collect limited technical data.

Depending on your relationship with us and how you use HUMA, different parties may determine how personal data is processed. Often, your organization (customer) decides how candidate and recruiting content is used for hiring, while we operate the platform, account services, security, and subprocessors described below. The exact allocation is fact-specific; enterprise customers may rely on separate agreements (such as a data processing addendum) where applicable.

3. Information we collect

We may collect or process categories of information including:

Account and profile: name, email, credentials, workspace membership, roles, settings, and identifiers from sign-in providers (for example Google or Microsoft account IDs when you use those login methods).
Recruiting and workspace data: job postings and descriptions, candidate profiles, application status, notes, CVs and uploads, and communications metadata needed to run workflows.
Communications: transactional email (verification, security, billing notices); email sent through the platform when a workspace user connects a mailbox (see Google and Microsoft sections below).
Meetings and media: audio, video, screen or recording data from interviews and related sessions; transcripts produced from those sessions.
Proctoring and session integrity (where enabled): session events, camera or microphone streams or recordings used for integrity review, as disclosed in-product and where consent is obtained as required.
Technical and usage: IP address, device and browser type, logs, WebSocket or session metadata, security and audit records, and similar diagnostic data.
Billing: billing contact details and payment-related metadata. Card payments are processed by Stripe; we do not store full card numbers on our servers.
Support and feedback: information you submit when contacting support or providing product feedback.

The application may use browser local storage (for example for session tokens) to keep you signed in. We describe cookies and similar technologies below.

4. How we use information

We use personal data to:

Provide, operate, and improve HUMA (including AI-assisted features you enable).
Authenticate users, secure accounts, detect abuse, and maintain audit logs.
Process subscriptions and invoices through our payment provider.
Send service-related and transactional messages.
Comply with law, respond to lawful requests, and enforce our terms.
Run analytics on our marketing site or product only if we deploy analytics tools; if we do, we will update this policy to name them and describe choices where available.

5. Google user data

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements where restricted scopes apply.

5.1 Google Sign-In

When you sign in with Google, we verify a Google-issued token and read basic profile information from Google userinfo (such as your Google subject identifier, email address, and name) to create or access your account. This is separate from optional Gmail connection for sending mail.

5.2 Gmail connection (optional — sending only)

If a workspace user connects Gmail to send candidate-facing email from their own address, we request OAuth scopes that include https://www.googleapis.com/auth/gmail.send and https://www.googleapis.com/auth/userinfo.email. We use this access to send messages through the Gmail API when you initiate or automate sends from the platform. We store OAuth tokens (including refresh tokens) in encrypted form so sending can continue until you disconnect.

We do not use this Gmail connection to read, index, or analyze the contents of your inbox for ads or unrelated purposes. If we ever change scopes or uses, we will update this policy and obtain appropriate consent before new processing.

We do not sell Google user data. Use of data received through Gmail integration will not be used for general advertising personalization in ways that conflict with Google's Limited Use requirements for restricted scopes.

6. Microsoft sign-in and mail (if you use them)

Where available, Microsoft sign-in and optional Microsoft 365 / Outlook connection for sending mail work similarly: we use the permissions you grant (for example send mail) to deliver messages you trigger from HUMA, handle tokens securely, and process data as described here and in Microsoft's terms.

7. AI and model providers

Some features send content (such as CV text, job descriptions, transcripts, or prompts) to third-party AI providers to generate summaries, scores, chat replies, or other outputs. Providers may include vendors such as OpenAI, Anthropic, and Google (including Gemini where used). We may log usage for billing and reliability. Do not submit secrets or data you are not permitted to share with such vendors.

8. Legal bases (GDPR and similar)

Where the GDPR or similar laws apply, we rely on appropriate bases such as performance of a contract, legitimate interests (for example security and product improvement, balanced against your rights), and consent where required (for example certain recordings or marketing). The precise basis depends on context; your counsel can map this to your deployment.

9. Cookies and similar technologies

We use technologies necessary to operate the service (for example authentication storage). If we add non-essential cookies on the marketing site, we will describe them and, where required, request consent.

10. Subprocessors and service providers

We use trusted service providers to host and operate HUMA. They process data on our instructions and under contractual safeguards. Examples include:

Payments: Stripe
Email delivery: Resend; Mailgun (for example as SMTP fallback)
Object storage: Cloudflare R2 (and comparable infrastructure) for files such as CVs, uploads, and recordings
Video and meetings: Daily.co and related recording or transcript services
Transcription: providers such as Deepgram where used
AI: OpenAI, Anthropic, Google (Gemini / Cloud APIs as applicable)
Infrastructure and realtime: hosting providers, Redis or similar for channels and caching, WebSocket infrastructure
Authentication: Google, Microsoft, and JWT-based session handling

We may update this list as vendors change; check this page periodically or contact us for the current subprocessors relevant to your workspace.

11. International transfers

We and our subprocessors may process data in Singapore, the United States, the European Economic Area, and other regions where they operate. Where required by law, we use appropriate transfer mechanisms (such as Standard Contractual Clauses) as advised by counsel.

12. Retention

We retain personal data for as long as needed to provide the service, comply with law, resolve disputes, and enforce agreements. Retention for recordings, transcripts, and recruiting records may depend on workspace settings, customer instructions, and legal holds. Backups may persist for a limited period after deletion.

13. Security

We implement administrative, technical, and organizational measures designed to protect personal data, including encryption in transit, encryption for sensitive secrets such as stored OAuth refresh tokens, access controls, and monitoring. No method of transmission or storage is completely secure.

14. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, export, or restrict processing of your personal data, and to object to certain processing or to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact admin@humain-tech.com. We may need to verify your request. If your data is controlled by a customer organization, we may direct you to them for certain requests.

California (CPRA): If you are a California resident, you may have additional rights regarding personal information, including rights to know, delete, and correct, and to opt out of certain sharing (we do not sell personal information in the conventional sense of selling lists for money). Contact us using the email above; you may designate an authorized agent where permitted by law.

15. Children

HUMA is a business recruiting product and is not directed at children. We do not knowingly collect personal information from children under 16 (or the age required in your jurisdiction). If you believe we have collected such information, contact us and we will take appropriate steps to delete it.

16. Third-party links

Our sites may link to third-party websites or services. Their privacy practices are governed by their own policies; we are not responsible for them.

17. Changes

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Where changes are material, we may provide additional notice (for example by email or in-product notice).

18. Contact

Questions about this policy, privacy rights, or related legal matters: admin@humain-tech.com
Website: humain-tech.com